v1.1.8 🔱

Author: RobertoPrevato

CHANGELOG.md

@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.1.8] - 2025-10-03 :notes:
+
+- Improve the `Secret` class to always encode strings before comparing to `str`.
+
 ## [1.1.7] - 2025-10-01 :fallen_leaf:
 
 - Add a `Secret` class to handle secrets in code instead of using plain `str`. This

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2019 Roberto Prevato
+Copyright (c) 2019-present Roberto Prevato, [email protected]
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

essentials/__init__.py

@@ -1 +1 @@
-__version__ = "1.1.7"
+__version__ = "1.1.8"

essentials/secrets.py

@@ -24,14 +24,18 @@ class Secret:
     "Secret('******')"
     """
 
-    def __init__(self, value: str, *, direct_value: bool = False) -> None:
+    def __init__(
+        self, value: str, *, direct_value: bool = False, encoding: str = "utf8"
+    ) -> None:
         """
         Create an instance of Secret.
 
         Args:
             value: The name of an environment variable reference (prefixed with $), or
                    a secret if direct_value=True.
             direct_value: Must be set to True to allow passing secrets directly
+            encoding: The encoding to be used when comparing strings with
+                    secrets.compare_digest.
 
         Raises:
             ValueError: If a secret is provided without explicit permission.
@@ -45,6 +49,7 @@ def __init__(self, value: str, *, direct_value: bool = False) -> None:
                 "directly."
             )
         self._value = value
+        self._encoding = encoding
         # Validate that we can retrieve a value
         value = self.get_value()
         if not isinstance(value, str) or not value:
@@ -86,6 +91,9 @@ def get_value(self) -> str:
             return value
         return self._value
 
+    def _get_value_bytes(self) -> bytes:
+        return self.get_value().encode(self._encoding)
+
     def __str__(self) -> str:
         return "******"  # Never expose the actual value
 
@@ -102,9 +110,11 @@ def __eq__(self, other: object) -> bool:
         if isinstance(other, str):
             # Using constant-time comparison to prevent timing attacks, with
             # secrets.compare_digest.
-            return secrets.compare_digest(self.get_value(), other)
+            return secrets.compare_digest(
+                self._get_value_bytes(), other.encode(self._encoding, errors="ignore")
+            )
 
         if not isinstance(other, Secret):
             return NotImplemented
 
-        return secrets.compare_digest(self.get_value(), other.get_value())
+        return secrets.compare_digest(self._get_value_bytes(), other._get_value_bytes())

tests/test_secrets.py

@@ -138,3 +138,19 @@ def test_from_plain_text_with_empty_string():
     """Test that from_plain_text with empty string raises ValueError."""
     with pytest.raises(ValueError, match="Secret value must be a non-empty string"):
         Secret.from_plain_text("")
+
+
+def test_secrets_support_utf8_chars():
+    secret = Secret("ØØ Void", direct_value=True)
+    assert secret == "ØØ Void"
+
+
+def test_secrets_work_with_invalid_unicode():
+    secret = Secret("ØØ Void", direct_value=True)
+    assert secret != "Hello\ud800World"  # invalid unicode
+
+
+def test_secrets_with_special_characters():
+    """Test secrets with various special Unicode characters."""
+    secret = Secret("🔐密码🌟", direct_value=True)
+    assert secret == "🔐密码🌟"